Category Archives: Security

A lot of apartment buildings have callboxes that will dial a tenant and allow the tenant to open the door by pressing a key sequence. I have had to use this to call myself before when I left my keys upstairs, or that time I lost my keys for a week (but that's another story). So what happens if you don’t have your phone or your keys? Or what about when you have guests who arrive early and you’re still in the shower, getting ready, or can’t get to your phone in time?

In this example, the callbox dials Tropo instead of your phone, and Tropo uses its built-in IVR to ask for a password. If the password is correct, it dials the DTMF digits to open the door and sends a text message to your phone alerting you that you have company.

It surprises me how many times people invest the money in having a redundant edge, but fail to do the simple things, such as plugging into different power sources, and leave their switch as a single point of failure. With this configuration, you could lose a power source, a firewall, a switch in the stack, and 75% of your cables and still function!

Recently, when replacing an ASA5510 with a new ASA5545X, I noticed the NAT was not working for a couple of public IPs. I used the following command to capture any packets attempting to hit that IP. The problem ended up being an ARP cache issue that had to involve the provider. Something to keep in mind with fiber services – the device on site is not a layer 3 device, it only converts fiber to copper. The device that needed to be flushed was at the provider end, miles away.

I recently configured one of the new software IPS modules in an ASA X series firewall and after the initial setup, I could not access the IPS module from ASDM or from IME (IPS Management Express). I found that there are two requirements before the IPS will talk.

1. If the IPS IP address is on a different subnet than the management network (192.168.1.0 by default), you’ll need to issue “no nameif” on the Management0/0 interface.

2. Even if you decide not to use the Management0/0 for ASA management, it must be in an UP and UP state, so you’ll need to connect it to your switch.